Advertisement

Header Utility Menu

  • Subscribe
  • Advertise
  • Contact Us
  • Events

LinkedIn Facebook Twitter Instagram Get Our App

  • Login

Virginia Business

Mobile Menu

  • Issues
  • Industries
    • Banking/Finances
    • Law
    • Real Estate
    • Economic Development
    • Education
    • Energy/Green
    • Federal Contracting
    • Government
    • Healthcare
    • Hotels/Tourism
    • Insurance
    • Ports/Trade
    • Small Business
    • Startups
    • Technology
    • Transportation
  • Regions
    • Central Virginia
    • Eastern Virginia
    • Northern Virginia
    • Roanoke/New River Valley
    • Shenandoah Valley
    • Southern Virginia
    • Southwest Virginia
  • Reports
    • Best Places to Work
    • Business Person of the Year
    • CEO Pay
    • COVID-19
    • Generous Virginians Project
    • Legal Elite
    • Most Influential Virginians
    • Maritime Guide
    • Site Locator
    • The Big Book
    • Virginia CFO Awards
  • Company News
    • For the Record
    • People
  • Opinion
  • Lists
  • Awards/Events
    • Nominate a Virginia financial professional
    • Nominate A Woman in Leadership Today
    • 2022 Virginia Business Political Roundtable
    • Women in Leadership
    • Diversity Leadership Series
    • Virginia 500
    • Legal Elite
    • CFO Awards
    • Big Book of Lists
    • 100 People To Meet
    • Best Places To Work
  • Virginia 500
    • Read The Issue
    • Power Up Virginia 500
    • Buy an award plaque
    • Suggest execs for 2023

Advertisement

Header Primary Menu

  • Issues
    • April 2023
    • March 2023
    • February 2023
    • January 2023
    • December 2022
    • Issues Archive
  • Industries
    • Banking/Finances
    • Law
    • Real Estate
    • Economic Development
    • Education
    • Energy/Green
    • Federal Contracting
    • Government
    • Healthcare
    • Hotels/Tourism
    • Insurance
    • Ports/Trade
    • Small Business
    • Startups
    • Technology
    • Transportation
  • Regions
    • Central Virginia
    • Eastern Virginia
    • Northern Virginia
    • Roanoke/New River Valley
    • Shenandoah Valley
    • Southern Virginia
    • Southwest Virginia
  • Reports
    • Best Places to Work
    • Business Person of the Year
    • CEO Pay
    • COVID-19
    • Generous Virginians Project
    • Legal Elite
    • Most Influential Virginians
    • Maritime Guide
    • Site Locator
    • The Big Book
    • Virginia CFO Awards
  • Company News
    • For the Record
    • People
  • Opinion
  • Lists
  • Awards/Events
    • Nominate a Virginia financial professional
    • Nominate A Woman in Leadership Today
    • 2022 Virginia Business Political Roundtable
    • Women in Leadership
    • Diversity Leadership Series
    • Virginia 500
    • Legal Elite
    • CFO Awards
    • Big Book of Lists
    • 100 People To Meet
    • Best Places To Work
  • Virginia 500
    • Read The Issue
    • Power Up Virginia 500
    • Buy an award plaque
    • Suggest execs for 2023

Home Opinion The importance of comprehensive cyber insurance

The importance of comprehensive cyber insurance

Published August 3, 2015 by Franklin R. Cragle, III

Over the last year, cyber crimes have dominated front-page media coverage. Sony. Anthem. The Home Depot. Target. Even now, reports of overseas hackers accessing the U.S. government employee databases are terrifying the nation. These cyber breaches can cost tens-of-millions of dollars to mitigate. For a small company, like many that make up the Virginia landscape, a multimillion-dollar liability caused by a cyber attack could mean closing its doors for good. To protect against these types of liabilities, companies of all sizes must have robust cyber insurance coverage. 

Small and midsized businesses as primary targets

According to the Identity Theft Resource Center, as of June 23, 2015, 380 reported cyber breaches in the U.S. resulted in the exposure of 117.4 million records. The overwhelming majority of these breaches were not the size of Sony or Anthem; they were smaller companies who are often more vulnerable to attacks. Symantec reported in its 2014 Internet Security Threat Report that small (250 employees or fewer) to mid-sized (251 to 2,500 employees) businesses have seen huge spikes in cyber attacks. These attacks increased 61 percent from 2012 to 2013.

The duration of these attacks also changed, increasing from four to approximately eight days as criminals engaged in a “low and slow” approach specially designed to elude the victim’s suspicion.  

Smaller organizations are becoming a common target of cyber crimes for several reasons. Companies of this size tend to have fewer safeguards or internal protocols to protect against these types of attacks, and they generally do not invest in employee training or company policies for cyber protection (and even if policies are in place, smaller companies tend to lack the resources for enforcement).

In a 2012 study on cyber security mistakes, KPMG found that “the human factor” remains “the weakest link in relation to [cyber] security.” Hackers readily overcome firewalls and other safeguards largely by focusing their efforts on employees who are not educated on the risks.

The most common methods of cyber attack remain phishing (the deposed Nigerian prince who needs your help); viruses attached to unsecured or unknown downloads; and open Wi-Fi accounts. Additionally, a new method called “spear phishing” is becoming a hacker favorite: these solicitations appear to come from a trusted source and request sensitive information.

Small-to-midsize companies should respond to increased victimization with more robust internal protections and specialized insurance coverage to mitigate their risk.

Courts rejecting cyber coverage under CGL policies

Nearly all companies have (or should have) Commercial General Liability (CGL) policies. These tried-and-true policies protect against physical injury or damage to property in the event of an “occurrence.” Accordingly, when breaches occur, policyholders naturally turn to their CGL policy and expect coverage.  Insurers, however, have taken the position that CGL policies do not cover cyber-attacks — and the courts tend to agree.

In May 2015, a Connecticut court rejected an insured’s claim for CGL policy coverage as the result of a cyber breach in Recall Total Info Mgmt. v. Federal Ins. Co. In this case, Recall lost digital employment data for approximately 500,000 of IBM’s employees when a box of back-up tapes literally fell off the back of Recall’s truck. Despite the loss of these records, the court rejected the CGL claim, determining that the records were not “published.” It cost approximately $6 million to remediate this claim through notification and employee credit protection.

In Eyeblaster Inc. v. Federal Ins. Co., the court determined that a CGL policy did not cover claims where computers became infected with spyware after visiting Eyeblaster’s website. The court reasoned that CGL policies protect against property damage meaning “physical injury to tangible property” and that, unless the computer’s hardware was physically damaged, CGL policies do not protect against the software and information contained in the computer.

Similarly, in Travelers Indem. Co. of CT v. P.F. Chang’s China Bistro, Inc., Travelers asserted it does not owe coverage to P.F. Chang’s under its CGL policy for a massive, nine-month data breach that gave hackers access to credit and debit card information for roughly 7 million customers. Although the case is currently stayed for other reasons, it provides another example of an insurer rejecting cyber claims under the insured’s CGL policy.

Best practices — audit and acquire necessary coverage

With hackers focusing on small to mid-sized companies and courts rejecting claims that CGL policies cover cyber attacks, companies must turn to specialized insurance policies for protection.

Audits are a first step in this protection. Insurance brokers can provide a degree of comfort with regard to policy terms and conditions, however, with the changing legal landscape, insurance auditors and coverage attorneys can ensure the most appropriate coverage. After the audit is complete, it is critical that the company fill in any gaps by obtaining additional cyber coverage.

Cyber policies are not a luxury of large corporations; they are a necessary tool to protect smaller companies who could be put out of business by the costs of mitigating a single cyber attack.

Frank Cragle is a trial lawyer and member of the Insurance Recovery Team and Data Privacy and Security Practice at Hirschler Fleischer in Richmond. He may be reached at (804) 771-9515 or by email at [email protected]

Related Stories

No related posts.

Trending

ESPN: Snyders receive two $6B bids for Commanders

U.Va. commerce alum donates $10M for scholarships

Youngkin announces $8.1M in GO Virginia grants

Arko tries to keep $1.4B TravelCenters of America bid alive

ITA International names new CEO

Sponsored Stories

Working at Pinnacle Financial Partners

What Logistics issues will have the biggest impact on you in 2023?

In the New Year, Aim for Better Cybersecurity

Advertisement

Advertisement

Trending

ESPN: Snyders receive two $6B bids for Commanders

U.Va. commerce alum donates $10M for scholarships

Youngkin announces $8.1M in GO Virginia grants

Arko tries to keep $1.4B TravelCenters of America bid alive

ITA International names new CEO

Sponsored Stories

Working at Pinnacle Financial Partners

What Logistics issues will have the biggest impact on you in 2023?

In the New Year, Aim for Better Cybersecurity

Get Virginia Business directly on your tablet or in your mailbox!

Subscribe to Virginia Business

Advertisement

Advertisement

Footer Primary Menu

  • virginiabusiness.com
  • Subscribe
  • Advertise
  • About Us
  • Contact Us

Footer Secondary Menu

  • Industries
  • Regions
  • Reports
  • Company News
  • Events

Sign Up For Our Newsletter

Sign Up

LinkedIn Facebook Twitter Instagram Get Our App

Privacy Policy Cookie Policy

Footer Utility Menu

Copyright © 2023 Virginia Business. All rights reserved.

Site Maintained by TechArk